예제 #1
0
 public function getIndex(Request $request)
 {
     $keys = Models\APIKey::all();
     foreach ($keys as &$key) {
         $key->permissions = Models\APIPermission::where('key_id', $key->id)->get();
     }
     return view('admin.api.index', ['keys' => $keys]);
 }
예제 #2
0
 public function authenticate(Request $request, Route $route)
 {
     if (!$request->bearerToken() || empty($request->bearerToken())) {
         throw new UnauthorizedHttpException('The authentication header was missing or malformed');
     }
     list($public, $hashed) = explode('.', $request->bearerToken());
     $key = APIKey::where('public', $public)->first();
     if (!$key) {
         throw new AccessDeniedHttpException('Invalid API Key.');
     }
     // Check for Resource Permissions
     if (!empty($request->route()->getName())) {
         if (!is_null($key->allowed_ips)) {
             $inRange = false;
             foreach (json_decode($key->allowed_ips) as $ip) {
                 if (Range::parse($ip)->contains(new IP($request->ip()))) {
                     $inRange = true;
                     break;
                 }
             }
             if (!$inRange) {
                 throw new AccessDeniedHttpException('This IP address <' . $request->ip() . '> does not have permission to use this API key.');
             }
         }
         foreach (APIPermission::where('key_id', $key->id)->get() as &$row) {
             if ($row->permission === '*' || $row->permission === $request->route()->getName()) {
                 $this->permissionAllowed = true;
                 continue;
             }
         }
         if (!$this->permissionAllowed) {
             throw new AccessDeniedHttpException('You do not have permission to access this resource.');
         }
     }
     try {
         $decrypted = Crypt::decrypt($key->secret);
     } catch (\Illuminate\Contracts\Encryption\DecryptException $ex) {
         throw new HttpException('There was an error while attempting to check your secret key.');
     }
     $this->url = urldecode($request->fullUrl());
     if ($this->_generateHMAC($request->getContent(), $decrypted) !== base64_decode($hashed)) {
         throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.');
     }
     return true;
 }
예제 #3
0
 /**
  * Revokes an API key and associated permissions.
  *
  * @param  string $key The public key.
  *
  * @throws Illuminate\Database\Eloquent\ModelNotFoundException
  *
  * @return void
  */
 public function revoke(string $key)
 {
     DB::beginTransaction();
     try {
         $model = Models\APIKey::where('public', $key)->firstOrFail();
         $permissions = Models\APIPermission::where('key_id', $model->id)->delete();
         $model->delete();
         DB::commit();
     } catch (\Exception $ex) {
         DB::rollBack();
         throw $ex;
     }
 }